In the long run the Kerberos password is a problem because the human
brain does not obey Moore's law. As I see it the solution is to use
some form of two-factor authentication for the initial ticket exchange.
So what options are there in that space?
AFAIK none --- with the standard open
So what options are there in that space?
AFAIK none --- with the standard open source servers. There are
patches available for MIT to support CRYPTOcard and SecureID. There
are patches available for Heimdal to support X509 certificates
(PKINIT).
Just as a note: if you want to go down the
July 2004 19:10
To: [EMAIL PROTECTED]
Subject: Two-factor Authentication Options?
In the long run the Kerberos password is a problem because the human
brain does not obey Moore's law. As I see it the solution is to use
some form of two-factor authentication for the initial ticket exchange.
So
Given all the issues I didn't want to get into, maybe I shouldn't have
mentioned SecureID. Since I did mention it, it's good to have your
caveat on the record.
Just trying to make sure I really know what exists.
On Jul 15, 2004, at 11:27 AM, Ken Hornstein wrote:
So what options are there in
[EMAIL PROTECTED] (Henry B. Hotz) writes:
In the long run the Kerberos password is a problem because the human
brain does not obey Moore's law. As I see it the solution is to use
some form of two-factor authentication for the initial ticket exchange.
So what options are there in that space?